Basic Steps to integrate Linux LDAP client with AD....kerberos and SASL issues/confusion

Markus Moeller huaraz at moeller.plus.com
Fri Jul 30 17:10:09 EDT 2004


Bill,

have a look at:

http://www.microsoft.com/downloads/details.aspx?FamilyID=144f7b82-65cf-4105-b60c-44515299797d&DisplayLang=en

Regards
Markus

"Bill Pappas" <bill.pappas at STJUDE.ORG> wrote in message
news:1090695750.5693.1.camel at bpappaslt.stjude.org...
> On Thu, 2004-07-22 at 13:59, Bill Pappas wrote:
> > Hello.  Is there a complete set of instructions for using MIT kerberos
> > with SASL and Active Directory?
> >
> > I want to authenticate using kerberos.  I want to be able to search the
> > LDAP server using an encrypted password when I binddn.  I can do
> > searches in clear test, but this is not suitable.
> >
> > But in the end, I really want to extend AD (via MS Services for Unix
> > which would extend the AD schema for NIS mapping) and modify my ldap
> > client (via nss and pam libraries) to use a common userid for all
> > platform.  Upon modifying the client, for example, I could ssh or even
> > log on the console of the client with my AD user.  If I were to type (on
> > the client) getent passwd | grep username, I'd get the sanAccount name,
> > a unix UID/GID which was assigned via SFS's extending the AD schema.
> >
> > My problem is finding a clear procedure that is up to date and
> > complete.  I'm clueless on how SASL interacts with Kerberos (if it
> > does).
> >
> > Any help would be appreciated.
> >
> >
> >
> > LDAP Client:
> > RedHat AS 3.0
> > openldap-2.2.13
> > MIT krb5-1.3.4
> > cyrus-sasl-plain-2.1.15-3
> > cyrus-sasl-md5-2.1.15-3
> > cyrus-sasl-gssapi-2.1.15-3
> > cyrus-sasl-2.1.15-3
> > cyrus-sasl-devel-2.1.15-3
> >
> > LDAP Server:
> > Active Directory (loosely based on LDAP) Windows 2000
> >
> -- 
> Thanks,
>
> Bill Pappas
> Systems Integration Engineer
> St. Jude Children's Research Hospital
> Department: Hartwell Center
> Phone: 901.495.4549
> Fax: 901.495.2945
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>





More information about the Kerberos mailing list